CVE-2017-9796: OQL bind parameter vulnerability

January 9, 2018 (updated February 2, 2018)

A malicious user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions.

References

issues.apache.org/jira/browse/GEODE-3248

Detect and mitigate CVE-2017-9796 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →